EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Events not triggered when setting DeleteProtect AccessFlag

Also by EldoS: SecureBlackbox
200+ components and classes for digital security, signing, encryption and secure networking.
#32379
Posted: 02/27/2015 07:26:03
by Vladimir Cherniga (EldoS Corp.)

Quote
Gopal Malviy wrote:
. Can I be able to use any other error codes

Yes for sure.
#32384
Posted: 02/27/2015 08:38:38
by Gopal Malviy (Basic support level)
Joined: 02/26/2015
Posts: 10

Throwing exception with 22 returns same prompt as throwing exception with 0.
Code
throw new ECBFltError(22);


It's not changing the prompt as per the documentation.
https://www.eldos.com/documentation/cbflt/ref_cl_ecbflterror_prp_errorcode.html
#32385
Posted: 02/27/2015 08:44:55
by Vladimir Cherniga (EldoS Corp.)

Win32 error codes translated to NT error codes used in kernel mode. Some of them may be converted to the same error code available only in kernel. There is no one to one dependency. From the other side, kernel NT error codes converted back to user mode when returned to application and there is also an applications right to trigger some kind of error message. You should experiment with it.
#32386
Posted: 02/27/2015 08:58:48
by Gopal Malviy (Basic support level)
Joined: 02/26/2015
Posts: 10

I came across basic requirement flaw. The DeleteCallback does not prevent deletion of files through command prompt.
#32387
Posted: 02/27/2015 09:02:06
by Vladimir Cherniga (EldoS Corp.)

File may be deleted in two ways: 1) with SetInformation request 2) open file with DELETE_ON_CLOSE flag set. DeleteCallback is triggered on SetInformation request only. You should handle open/create callbacks as well.
#32388
Posted: 02/27/2015 09:12:37
by Gopal Malviy (Basic support level)
Joined: 02/26/2015
Posts: 10

You've mentioned this point earlier as well. Can you make me understand bit more on this? Sample code would be great.
#32389
Posted: 02/27/2015 09:18:23
by Vladimir Cherniga (EldoS Corp.)

Here is an article from the knowledge base https://www.eldos.com/cbflt/articles/7923.php
I would also recommend a ProcMon tool from Microsoft, it may come in handy analyzing file system activity and understanding file system requests flow.
#32393
Posted: 02/28/2015 00:39:51
by Gopal Malviy (Basic support level)
Joined: 02/26/2015
Posts: 10

Is it what you were talking about? And is there any better way of comparing the values? Enum or something like that?

Code
        void CbFltOpenFileEventC(CallbackFilter Sender, string FileName, ref UInt32 DesiredAccess, ref UInt32 FileAttributes, ref UInt16 ShareMode, ref UInt32 Options, ref UInt16 CreateDisposition, ref bool VirtualFile, ref bool ProcessRequest)
        {
            if (DesiredAccess == 65536 && ShareMode == 4 && Options == 1140850752)
            {
                System.Diagnostics.Debug.WriteLine("User must be deleting file from cmd prompt");
                throw new ECBFltError(1);
            }

        }


It seems I'm redirected to forum list page on clicking Next/Last/Page Index in this forum. I cannot be able to see your reply. Can you mail me your response my email address?
#32394
Posted: 02/28/2015 04:02:35
by Vladimir Cherniga (EldoS Corp.)

Quote
Gopal Malviy wrote:
Is it what you were talking about? And is there any better way of comparing the values? Enum or something like that?

You should test an individual bit fields in the DesiredAccess and ShareMode. It is better to define a hexadecimal constants to get clear view. You may find that values in msdn or in sdk headers. Alternatively use enumeration like this:
Code
    public enum class CbFltDesiredAccess
    {
        paRead       = 0x00000001,
        paWrite      = 0x00000002,
        paReadWrite  = 0x00000003
    };

public enum class ECreationDisposition : UINT
    {
        /// Creates a new file. The function fails if a specified file exists.
        New = 1,
        /// Creates a new file, always.
        /// If a file exists, the function overwrites the file, clears the existing attributes, combines the specified file attributes,
        /// and flags with FILE_ATTRIBUTE_ARCHIVE, but does not set the security descriptor that the SECURITY_ATTRIBUTES structure specifies.
        CreateAlways = 2,
        /// Opens a file. The function fails if the file does not exist.
        OpenExisting = 3,
        /// Opens a file, always.
        /// If a file does not exist, the function creates a file as if dwCreationDisposition is CREATE_NEW.
        OpenAlways = 4,
        /// Opens a file and truncates it so that its size is 0 (zero) bytes. The function fails if the file does not exist.
        /// The calling process must open the file with the GENERIC_WRITE access right.
        TruncateExisting = 5
    };

    [Flags]
    public enum class EFileShare : UINT
    {
        None = 0x00000000,
        /// Enables subsequent open operations on an object to request read access.
        /// Otherwise, other processes cannot open the object if they request read access.
        /// If this flag is not specified, but the object has been opened for read access, the function fails.
        Read = 0x00000001,
        /// Enables subsequent open operations on an object to request write access.
        /// Otherwise, other processes cannot open the object if they request write access.
        /// If this flag is not specified, but the object has been opened for write access, the function fails.
        Write = 0x00000002,
        /// Enables subsequent open operations on an object to request delete access.
        /// Otherwise, other processes cannot open the object if they request delete access.
        /// If this flag is not specified, but the object has been opened for delete access, the function fails.
        Delete = 0x00000004
    };
#32395
Posted: 02/28/2015 04:06:34
by Vladimir Cherniga (EldoS Corp.)

Quote
Gopal Malviy wrote:
It seems I'm redirected to forum list page on clicking Next/Last/Page Index in this forum. I cannot be able to see your reply. Can you mail me your response my email address?

I am not sure what did you mean, please clarify. Do you able to subscribe to the forum list ?
Also by EldoS: MsgConnect
Cross-platform protocol-independent communication framework for building peer-to-peer and client-server applications and middleware components.

Reply

Statistics

Topic viewed 7798 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!